.\"
.\"	$OpenBSD: SSL_CTX_set_timeout.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
.\"
.Dd $Mdocdate: December 2 2014 $
.Dt SSL_CTX_SET_TIMEOUT 3
.Os
.Sh NAME
.Nm SSL_CTX_set_timeout ,
.Nm SSL_CTX_get_timeout
.Nd manipulate timeout values for session caching
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft long
.Fn SSL_CTX_set_timeout "SSL_CTX *ctx" "long t"
.Ft long
.Fn SSL_CTX_get_timeout "SSL_CTX *ctx"
.Sh DESCRIPTION
.Fn SSL_CTX_set_timeout
sets the timeout for newly created sessions for
.Fa ctx
to
.Fa t .
The timeout value
.Fa t
must be given in seconds.
.Pp
.Fn SSL_CTX_get_timeout
returns the currently set timeout value for
.Fa ctx .
.Sh NOTES
Whenever a new session is created, it is assigned a maximum lifetime.
This lifetime is specified by storing the creation time of the session and the
timeout value valid at this time.
If the actual time is later than creation time plus timeout,
the session is not reused.
.Pp
Due to this realization, all sessions behave according to the timeout value
valid at the time of the session negotiation.
Changes of the timeout value do not affect already established sessions.
.Pp
The expiration time of a single session can be modified using the
.Xr SSL_SESSION_get_time 3
family of functions.
.Pp
Expired sessions are removed from the internal session cache, whenever
.Xr SSL_CTX_flush_sessions 3
is called, either directly by the application or automatically (see
.Xr SSL_CTX_set_session_cache_mode 3 ) .
.Pp
The default value for session timeout is decided on a per-protocol basis; see
.Xr SSL_get_default_timeout 3 .
All currently supported protocols have the same default timeout value of 300
seconds.
.Sh RETURN VALUES
.Fn SSL_CTX_set_timeout
returns the previously set timeout value.
.Pp
.Fn SSL_CTX_get_timeout
returns the currently set timeout value.
.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_CTX_flush_sessions 3 ,
.Xr SSL_CTX_set_session_cache_mode 3 ,
.Xr SSL_get_default_timeout 3 ,
.Xr SSL_SESSION_get_time 3
